Hello Everyone - I am going crazy. I have 2 ASA 5510s with sec+ and
have working remote access VPN configurations on them. Both ASA outside
interfaces reside in the same subnet and share the same default route
and both inside interfaces are in the same subnet also. I have set the
private and public interfaces correctly and I have gone over the docs
and it all looks normal. Can anyone see what I am missing? It seems so
simple. Here is my config:

ASA1: outside ip 203.206.229.42/29 inside ip 192.168.1.200

vpn load-balancing
 priority 10
 cluster ip address 203.206.229.44
 cluster port 4000
 participate

ASA2: outside ip 203.206.229.43/29 inside ip 192.168.1.201

vpn load-balancing
 priority 1
 cluster ip address 203.206.229.44
 cluster port 4000
 participate

Here is the output of show vpn load-balancing on ASA1:

Status: enabled
Role: Backup
Failover: n/a
Encryption: disabled
Cluster IP: 203.206.229.44
Peers: 1

                                           Load (%)     Sessions
  Public IP       Role    Pri  Model      IPSec  SSL   IPSec  SSL
---------------------------------------------------------------------------
* 203.206.229.42  Backup  10   ASA-5510       0    0       0    0
  203.206.229.44  Master  0    UNKNOWN      n/a  n/a     n/a  n/a

Here is my debug: debug vpnlb 200

Master peer[203.206.229.44] is not answering HELLO
5718056: Deleted Master peer, IP 203.206.229.44
5718044: Deleted peer[203.206.229.44]
5718072: Becoming master of Load Balancing in context 0.
5718052: Received GRAT-ARP from duplicate master[001c585ad141]
5718054: Detected duplicate master[3030.3163.3538] and going to SLAVE
5718088: Possible VPN LB misconfiguration. Offending device MAC [001c.585a.d141].
5718073: Becoming slave of Load Balancing in context 0.